Add support for private mediawiki sites

author Tom Hughes <tom@compton.nu>

Sun, 14 Dec 2014 19:22:21 +0000 (19:22 +0000)

committer Tom Hughes <tom@compton.nu>

Sun, 14 Dec 2014 19:49:52 +0000 (19:49 +0000)
author Tom Hughes <tom@compton.nu>
Sun, 14 Dec 2014 19:22:21 +0000 (19:22 +0000)
committer Tom Hughes <tom@compton.nu>
Sun, 14 Dec 2014 19:49:52 +0000 (19:49 +0000)
diff --git a/cookbooks/mediawiki/definitions/mediawiki_site.rb b/cookbooks/mediawiki/definitions/mediawiki_site.rb

index 81751fb377354178e8e3ef41059c8c0040aac081..d6a1ab773854394cb3865a2e740cb479c4019639 100644 (file)
--- a/cookbooks/mediawiki/definitions/mediawiki_site.rb
+++ b/cookbooks/mediawiki/definitions/mediawiki_site.rb
@@ -55,7 +55,8 @@ define :mediawiki_site, :action => [ :create, :enable ] do
      :site_readonly    => params[:site_readonly] || FALSE,
      :site_admin_user  => "Admin",
      :site_admin_pw    => passwords["mediawiki-admin-user"],
      :site_readonly    => params[:site_readonly] || FALSE,
      :site_admin_user  => "Admin",
      :site_admin_pw    => passwords["mediawiki-admin-user"],
-    :enable_ssl       => params[:enable_ssl] || FALSE
+    :enable_ssl       => params[:enable_ssl] || FALSE,
+    :private          => params[:private] || FALSE
    }
  
  #----------------
    }
  
  #----------------
diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb

index e3236159eecbf27c2afb6bb8e22c765b3ae0a513..d03b78cf9f07a2bb04ffb72a396f392d8c1e9099 100644 (file)
--- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb
+++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb
@@ -167,6 +167,20 @@ $wgGroupPermissions['bureaucrat']['deletelogentry'] = true;
  $wgGroupPermissions['bureaucrat']['deleterevision'] = true;
  $wgGroupPermissions['bureaucrat']['suppressrevision'] = true;
  $wgGroupPermissions['bureaucrat']['suppressionlog'] = true;
  $wgGroupPermissions['bureaucrat']['deleterevision'] = true;
  $wgGroupPermissions['bureaucrat']['suppressrevision'] = true;
  $wgGroupPermissions['bureaucrat']['suppressionlog'] = true;
+<% if @mediawiki[:private] -%>
+
+#Disable reading by anonymous users
+$wgGroupPermissions['*']['read'] = false;
+
+#Allow anonymous users to access the login page
+$wgWhitelistRead = array ("Special:Userlogin");
+
+#Prevent new user registrations except by sysops
+$wgGroupPermissions['*']['createaccount'] = false;
+
+#Restrict access to the upload directory
+$wgUploadPath = "$wgScriptPath/img_auth.php";
+<% end -%>
  
  #Allow Subpages on Main Namespace
  $wgNamespacesWithSubpages[NS_MAIN] = true;
  
  #Allow Subpages on Main Namespace
  $wgNamespacesWithSubpages[NS_MAIN] = true;
diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb

index 6cbbc76e6d417b057a56e048e910be034f2272e7..dcded20ccb59c0dedcc049eb0a229f0e982be429 100644 (file)
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -200,6 +200,14 @@
      php_admin_flag engine off
      Options -ExecCGI -Includes -Indexes
      AllowOverride None
      php_admin_flag engine off
      Options -ExecCGI -Includes -Indexes
      AllowOverride None
+<% if @mediawiki[:private] -%>
+<% if node[:lsb][:release].to_f >= 14.04 -%>
+    Require all denied
+<% else -%>
+    Order allow,deny
+    Deny from all
+<% end -%>
+<% end -%>
    </Directory>
  
    <Directory <%= @mediawiki[:directory] %>/images/thumb/>
    </Directory>
  
    <Directory <%= @mediawiki[:directory] %>/images/thumb/>
author	Tom Hughes <tom@compton.nu>
	Sun, 14 Dec 2014 19:22:21 +0000 (19:22 +0000)
committer	Tom Hughes <tom@compton.nu>
	Sun, 14 Dec 2014 19:49:52 +0000 (19:49 +0000)
cookbooks/mediawiki/definitions/mediawiki_site.rb		patch \| blob \| history
cookbooks/mediawiki/templates/default/LocalSettings.php.erb		patch \| blob \| history
cookbooks/mediawiki/templates/default/apache.erb		patch \| blob \| history